Threat Analysis Of Network Based Medical Device In Hospital
Roles and the function of the Organization
The threat analysis is a very important procedure that is included in the project management and the project development techniques. The identification and the mitigation of the threats in the project that is conducted by the company are known as the threat analysis procedure for the company. The paper is concerned with the case of a network based medical device. The detection of threat in a network based system is a very critical procedure and involves a lot of procedures and thorough analysis. In the current scenario the threat analysis was performed on a network based Windows embedded medical device. The system was basically designed for helping the staffs of the hospital in the prevention of the critical situations. The system helps in providing several type of benefits for the staffs of the company.
The report provide in details description about the threat analysis of the situation that is present in the hospital.
The report contains the descriptions of the present situation of the system and also the analysis of the threats and also their solution techniques. In addition to this the report provides the description of the techniques that would be used in the solutions of the threats and also the methodologies that are important for the resolution of the threats that are detected in the systems.
The medical device is been recently implemented in the Ronal Regan Medical Center. The organization provides the virtual community for their patients. Hence, the system would be of optimum use for the staffs of the medical center. This would help the staffs to have important information about the patients that are admitted to the medical center. The medical center also provides a very secure environment for the patients of the center. In addition to this, the staffs of the medical center are also very efficient and the system would also help in increasing the efficiency of their processes. The organization allows the patients to use the cloud systems that are used by the organization and hence the operation of the organization and the procedures that the patients have to go through are simplified by the organization.
The system that would be used in the hospital basically consists of a device that is a fan less and also a disk less one. In addition to this, the system makes use of the touch screen facilities and also it makes use of the Intel processor inside the systems and also they make use of the Windows XP operating systems for the user interface of the system. The Flash Storage is used for the operating system and also for the application software. The devices that are being used by the staffs and the members of the hospital is having two ports that would be supporting the Ethernet functionalities and also the device makes use of the TCP socket. In addition to this, the TCP socket provides the nursing stations with the facilities to implement the management of the console functions. Although the devices do not poses the membership for the Microsoft Active Windows directory. They also do not posses any kind of internet connectivity.
System Design and the Vital Facilities
The existing security of the system are not very efficient, however some of very efficient security measures are added to the system. The system consists of two step validation procedures that would be validated by the employee login key for the medical center. In addition to this, the system has the important firewalls installed within the networking system so that the data of the patients are stored safely in the systems and also this would prevent the user data from getting stolen or corrupted.
For the assessment of the threats in the systems a threat model is being used. The model consists of four stages: mapping assets to vulnerabilities, threats that can exploit those vulnerabilities and also the implementation of the countermeasures that can mitigate the assessed vulnerabilities in the systems.
The main threats that were detected in the systems were the trusted insider information leakage, viruses’ effect and the denial of the service and malware attacks on the system. There are various unmitigated threats that are present in the system. There are threats that are detected are not on the short time basis but the threats are basically predicted occur on a frequency of about two to three years. In addition o this, the malware and the denial of the service attacks are considered to be very rare for the system.
Additionally, there were threats that were found to be very severe for the systems. The additional threats that were detected are:
The trusted insiders may be leaking the ePHI to the parties that were interested in the system of the organization. In addition to this, there might be defects in the software or in the configurations of the system that would be causing the other units of the system to become unresponsive and also they would also not be able to provide the patients with the service of monitoring them. The system is windows based and hence the medical devices that are implemented by the medical center might get infected very easily and also they might be propagating the virus or the malware to the other parts of the software throughout the organizations. This would also be allowing the malicious viruses to propagate thorough out the system and disrupt the total operation of the research center. There might also be hardware defects that would be affecting several units of the systems. This disrupts the monitoring system of the health center. And hence, would be affecting the overall efficiency of the system and would be interrupting the services that are provided to the patients.
For the protection of the system a protection concept is being used in the system. The protection of the system is very necessary. The protection from the electrical appliances and also the external devices should be kept in mind for the systems. There should be an all round security measures adopted for the electronic devices in the hospital that would protect the devices from the threats that can occur due to the surrounding devices in close proximity of the device. The device should also be protected from the other components that are attached to the same network.
Existing Security Means
For the resolution of the threats that are detected the first process that can be adopted by the organization is the removal of the ePHI from the medical device. The Protected Health Information was one of the most severe threats for that was detected at the start of the analysis procedure. In addition to this, the threat was very severe as this was concerned with the privacy of the patients. The PHI is the information centre for the medical center that would be used for the identification of a particular individual that is admitted to the medical center. In addition to this, the system would also contain the information about the patient during the stay of the patient at the medical center. After it was analyzed that the system was one the most severe threats to the organization it was decided that it would be removed from the system. It was decided that instead of the actual information of the patient they would denoted by the bed number that is used in the system. The nurse would be acknowledged with the bed number in case an alarm is raised and also they would reported by the heart rate of the patients in case of an emergency.
After the removal of the protected Health Information system from the medical system the further threat that lay ahead was that of the medical device infecting the network and the information that was in place for the medical research center. Hence it was decided that countermeasure policies be adopted for the resolution of the threats that were detected in the system. By using the threat model that was in place the countermeasures of the threats that was detected in the system from the analysis. It was decide after planning the countermeasures the threats that were detected in the system would be reduced to 3% to that of the actual amount of threat that was detected in the system.
The first line of protection involves the adjacent areas and the surrounding environment of the building ids safely guarded, although the building is beside the main road, but the building id safely guarded by the other three sides. In addition to this, the building is safely guarded from the on road accidents.
The perimeters on the three sides of the building other than roadside are 2.8 meter high. In addition to these proper lightings in and around the building are efficiently placed. In addition to this, the device is located in the building away from the roadside and hence, they do not face kind of threats from the outside interference directly.
In addition to the securities the devices is safely secured within the building with proper monitoring systems. The system is guarded by the CCTV cameras and also additional gaurds are placed that would prevent any kind of intrusion to the system.
There are other vital areas within the building that would have to be provided with proper protection. In addition to this, the system and the monitoring room would also require proper guarding system and also the lock and doors of the system are very efficient for security of the system.
Security Counter measuring plan:
The following plans can be considered for the security countermeasures plan:
- Firstly, the organization is required to perform the software security assessment for the relevant module and also there is requirement for the organization to perform the quality assurance review of the system that was in place for the organization.
- Secondly, the new algorithms and process for the system was to be designed so the system could be upgraded and also they can be implemented into the enterprise system of the organization very easily.
- In addition to this after the installation of certain software there are requirement for the software to be updated and also validation check for the software on the machine should have been performed.
- Fourthly, the systems were running on the Microsoft windows system hence, the .NET frame work was to be updated. The organizations are required to obtain the reports for the upgrade of the .NET framework and also the organization required to upgrade the framework according to the reports that were provided for the upgrade.
- Additionally, there were chances that the systems were affected with viruses through the USB ports and hence, there is requirement for toggling the io-board hardware devices for disabling the USB ports of the system. In addition to this, there should also be implementation of the procedures so that it can be ensured that clear versions of the media are updated in the devices.
- Lastly, the system should also block the enterprise network access for the monitoring of the units that are existing in the systems. In addition to this, the communication software should also be configured and the validation should also be checked and the invalid contents should be eliminated from the system. The tcp/ip protocol suites should be presented in a binary form so that the data are relative difficult to decoding using the techniques such as sniffing. They should also remove all the ePHI content form the system. There are also chances that the hardware units might become unresponsive and hence, the system should be checked
Patch Management
In addition to the security measures that are to be adopted by the organization they are also required to implement some kind of patch management for the mitigation of the threats that can arise regarding the software that is used in the machines. The policy of running the automated windows by the organization is not necessarily important for the organization. IN addition to this, the counter measures that are implemented for the embedded medical system require proper mitigation techniques.
Threats/Vulnerability Assessment
Additionally, the FDA 510(K) recertification of the medical device may not be necessary when the application of the security patches is done in the Windows Update. The update is practically impossible to be conducted without the access to the internet and also the medical device vendor would be applying the patches to the embedded images as a part of the ongoing device field maintenance.
Defense of the security system against the virus and the malwares
The effect of the viruses and the malwares are also one of the main concerns for the system. The main concern is the entry point of the virus and the malwares in the system. The organization is required to identify the entry points of the virus and the malwares to the systems and also they are required to seal the entry points of the malwares and the virus to the systems efficiently. In addition to this, the system should have the TCP/IP protocol suites implemented appropriately and also they are required to control the data flow using the TCP/IP sockets in the systems. The USB are also one of the entry points of the viruses and the malwares into the system. The malwares and the viruses can be easily stopped with the elimination of the US ports from the systems so that no one would be able to insert any kind of devices into the systems and harm the systems. This would restrict the entry points of the viruses and the malwares both internally and externally.
The security systems that are required for the medical system are:
Revoking the USB ports of the systems: The USB ports of the system should be uninstalled from the system. So that, the viruses and the malwares would not be able to enter in the system.
Bedside alarm system in case of emergency: The alarm would enable the nurses to get notified whenever a patient runs into emergency.
Antivirus installation in the system: The system should contain a antivirus software within the system. This would detect the viruses and eliminate them from the systems.
Additional staffs are needed to recruited in the organization so that they would keep an eye over the systems and see to it that the data theft and the data manipulation from the system do not take place and also the data integration of the system are maintained and the user data are kept discrete form the other agents that are not involved with the system.
The security vetting is the procedures that a person is required to undergo in order to gain access to the information that is very important and confidential. Thus basically the examination of the background for the person that is responsible for the security of the system and also private life of the person is judged and validated. The background check is done on the staff that would be responsible for the monitoring of the system. It is to be checked that they are vulnerable to any kind of bribe or not.
Protective Concept
Security Training
The staffs that are to perform the security procedures for the system should be well accustomed to the system and its procedures. Hence, the staffs would be requiring thorough training on the systems and the functioning of the systems. In addition to this the staffs would also be requiring the training on the aspects of the security of the systems so that they perform their task of monitoring the system very efficiently.
Awareness
All the staffs of the organization should be aware of the possible threats of the systems and also try and avoid the steps that would be increasing the risks for the systems so the system would be safe from any kind anomalies.
Vigilance
The staffs of the system should also be very aware of the fact that the system is vulnerable to some of the risks and should be vigilant so that the system is out of any kind of risks.
The threats that were detected in the site were very serious and hence efficient mitigation for the sites were to be done so that the workers and the staffs of the site were safe form the site and also the mitigation ideas were to be successfully mitigated for the resolution of the threats that were raised due to the detection of the threats. For the assessment of the threats in the systems a threat model is being used. The model consists of four stages: mapping assets to vulnerabilities, threats that can exploit those vulnerabilities and also the implementation of the countermeasures that can mitigate the assessed vulnerabilities in the systems. Threat assessment is critical to chiefs as a rule, for example, military application and physical security frameworks. In this paper, another danger appraisal show in view of interim number to manage the inborn vulnerability and imprecision in battle condition is proposed. Both goal and subjective components are contemplated in the proposed show. For the goal factors, the Genetic Algorithm (GA) is utilized to seek out an ideal interim number speaking to all the quality estimations of each protest. Likewise, for the subjective components, the interim Analytic Hierarchy Process (AHP) is received to decide each protest’s risk weight as indicated by the experience of administrators/specialists. At that point a reducing technique is proposed to incorporate the target and subjective variables. Finally, the perfect of Technique for Order Preference by Similarity to Ideal Solution (TOPSIS) is connected to acquire the danger positioning of the considerable number of items. A genuine application is utilized to represent the viability of the proposed display.
|
Asset / Component |
Threat |
Vulnerability |
Probability |
Criticality |
Losses / Damages |
Risk Level |
|
|
Direct |
Consequences |
||||||
|
USB ports |
The USB are one of the entry point for the viruses and the malwares. |
The malicious agents and the viruses would create defects in the data and also would hamper the data that is present in the system. |
High |
High |
Data tampering |
Data loss |
Extremely High |
|
Software |
The defects in the configuration of the software. |
There are risks that the other devices that are connected to the information system of the organization might become unresponsive. |
Low |
Low |
Data tampering |
Data loss |
Extremely High |
|
ePHI |
Leakage of information |
The data integrity of the users and also the research centre would be lost. |
High |
High |
Data can get stolen very easily |
The data of the users will be unprotected. |
Extremely High |
|
Network of the medical centre |
Malicious agents might attack the network. |
The malicious agents might steal the data and also can modify the data to certain extent. |
High |
High |
Data tampering |
Data loss |
Extremely High |
|
Hardware |
Defects in the hardware |
This might cause the units to become unresponsive |
High |
High |
The software would be hampered. |
The system would be unresponsive |
Low |
The outline of the threats gave the insights about the dangers that are included with the framework that will be executed in the restorative research focus. Furthermore, the primary examinations are accomplished for the security dangers and the information dangers for the framework. For any kind of malware attack to take place for the system it is necessary that the motive of the attack is known. In addition to this the skill and the ability of the attacker is also to be noted and hence, with knowledge of required description the mitigation of the attacks can be easily done. The risks that are involved with the site are basically involved with the fencing of the site and also the perimeter of the site. In addition to this there are a number of risks that are involved with the environment and the surroundings. In addition to this the level of risk of the site also varies according to the effect of the risk on the site and also on the stakeholders and the other people and resources that are related with the site of construction. The summarization of the different tasks provide the different levels of risks that are involved with the task that are to be completed within the project
Measures Effective To Protect the Facility Against Perceived Threats
The summary of the risks provided the details about the risks that are involved with the system that is to be implemented in the medical research center. In addition to this, the main analyses are done for the security risks and the data risks for the system.
For any kind of malware attack to take place for the system it is necessary that the motive of the attack is known. In addition to this the skill and the ability of the attacker is also to be noted and hence, with knowledge of required description the mitigation of the attacks can be easily done.
Risk is present when a threat has been identified, and the object is vulnerable to the said threat and cause damage. That is, Risk = Threat × Vulnerability × Damage. Therefore, it is crucial to adopt a process of identifying vulnerability and development of programs to minimize losses i.e. risk management.
The following are some of the Risk Assessment analysis, which identified those ‘Extremely High’ & ‘High’ Risks categories, for the proposed development. Those ‘Moderate’ & ‘Low’ risks assessments are showed in the ‘Risk Identification Table’
The Risk Identification Table:
|
RISK LEVEL |
TOTAL |
|
Extremely High : |
4 |
|
High : |
0 |
|
Moderate : |
0 |
|
Low: |
1 |
The M3 is basically metadata management methodology. The M3 Methodology is used for the protection of the system against the possible threats of the system. The methodology is iterative and also it is scalable and flexible process that is selected for the system. The method provides more than 150 narratives that would be very helpful for the systems and also system was basically created in the year 2003 and the system provided 100 percent of client engagement to the systems. In addition to this, the system is used for the management of the metadata and the implementation time of the system is reduced by about 50-60 %. The solution would allow selecting the necessarily best practice for the each and every stage of implementation of the system. Additionally, the system would be benefitted by the methodology and would be able to provide various type of important benefits to the organization such as cost saving and also the methodology is filed proven and also they very comprehensive to be implemented and are also customizable and they vary according to the requirements of the users. The methodology is also all inclusive for the systems.
AlHirsh, I., Battisti, C. and Schirone, B., 2016. Threat analysis for a network of sites in West Bank (Palestine): An expert-based evaluation supported by grey literature and local knowledge. Journal for Nature Conservation, 31, pp.61-70.
Beckers, K., Hatebur, D. and Heisel, M., 2013, September. A problem-based threat analysis in compliance with common criteria. In Availability, Reliability and Security (ARES), 2013 Eighth International Conference on (pp. 111-120). IEEE.
Bhunia, S., Hsiao, M.S., Banga, M. and Narasimhan, S., 2014. Hardware Trojan attacks: threat analysis and countermeasures. Proceedings of the IEEE, 102(8), pp.1229-1247.
Canto-Perello, J., Curiel-Esparza, J. and Calvo, V., 2013. Criticality and threat analysis on utility tunnels for planning security policies of utilities in urban underground space. Expert Systems with Applications, 40(11), pp.4707-4714.
Gohel, H. and Upadhyay, H., 2017. Cyber Threat Analysis with Memory Forensics. CSI CommunICatIonS, 5.
Hodo, E., Bellekens, X., Hamilton, A., Dubouilh, P.L., Iorkyase, E., Tachtatzis, C. and Atkinson, R., 2016, May. Threat analysis of iot networks using artificial neural network intrusion detection system. In Networks, Computers and Communications (ISNCC), 2016 International Symposium on (pp. 1-6). IEEE.
Johnson, C., Shreeve, M., Sirko, P., Delain, O., Ruhlmann, O., Vautier, E., Graham, B. and Meloni, M.T., 2016. Defending European Airports: Cyber-Physical Threat Analysis in Total Airport Management.
Kammüller, F. and Probst, C.W., 2014, May. Combining generated data models with formal invalidation for insider threat analysis. In Security and Privacy Workshops (SPW), 2014 IEEE (pp. 229-235). IEEE.
Kelly, R.F., 2014. Automated cyber threat analysis and specified process using vector relational data modeling (Doctoral dissertation, Monterey, California: Naval Postgraduate School).
Khan, R., Maynard, P., McLaughlin, K., Laverty, D. and Sezer, S., 2016, August. Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid. In ICS-CSR.
Kotheimer, J., O’Meara, K. and Shick, D., 2016. Using Honeynets and the Diamond Model for ICS Threat Analysis.
Lu, F., Lee, S., Kumar Satzoda, R. and Trivedi, M., 2016. Embedded computing framework for vision-based real-time surround threat analysis and driver assistance. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops (pp. 83-91).
Mal-Sarkar, S., Krishna, A., Ghosh, A. and Bhunia, S., 2014, May. Hardware trojan attacks in fpga devices: threat analysis and effective counter measures. In Proceedings of the 24th edition of the great lakes symposium on VLSI (pp. 287-292). ACM.
Osako, T., Suzuki, T. and Iwata, Y., 2016. Proactive Defense Model Based on Cyber Threat Analysis. FUJITSU Sci. Tech. J, 52(3), pp.72-77.
Petsas, T., Okada, K., Tazaki, H., Blanc, G. and Pawli?ski, P., 2014, June. A Trusted Knowledge Management System for Multi-layer Threat Analysis. In International Conference on Trust and Trustworthy Computing (pp. 214-215). Springer, Cham.
Sharma, S., Singh, P. and Singh, A., 2016. User centric security requirements and threat analysis in Cloud Computing. Computing, 2(04).
Shick, D. and O’Meara, K., 2016. A Unique Approach to Threat Analysis Mapping: A Malware-Centric Methodology for Better Understanding the Adversary Landscape.
Tazaki, H., Okada, K., Sekiya, Y. and Kadobayashi, Y., 2014, September. Matatabi: Multi-layer threat analysis platform with hadoop. In Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2014 Third International Workshop on (pp. 75-82). IEEE.
Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A. and Richardson, M., 2015. A Security Threat Analysis for the Routing Protocol for Low-Power and Lossy Networks (RPLs) (No. RFC 7416).
UcedaVelez, T. and Morana, M.M., 2015. Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. John Wiley & Sons.
Vijaya, I., Rath, A.K. and Puthal, B., 2016. Exploration of Security Threat Analysis in Wireless Mobile Adhoc Network. Indian Journal of Science and Technology, 9(35).
Whyte, W., Petit, J., Kumar, V., Moring, J. and Roy, R., 2015, September. Threat and Countermeasures Analysis for WAVE Service Advertisement. In Intelligent Transportation Systems (ITSC), 2015 IEEE 18th International Conference on (pp. 1061-1068). IEEE.